<?php

/**
 * Edit Profile is a page that allows the editing of user information
 *
 * @Author Ryan Olson
 * @Version 1.0
 */

// Start or resume the session; the @ silences any warning or notice session_start() emits.
@session_start();
require_once 'shared-functions.php';
require_once 'session.php';
require_once 'masterpage.php';

// Visitors without a valid session are redirected to the login page and the
// script stops; the page=edit-profile parameter is passed along with the redirect.
if (!IsValidSession()) {
    header('Location: login.php?page=edit-profile');
    exit();
}

// Only reached with a valid session, which is refreshed on every page load.
RefreshSession();

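// Access level of the logged-in user. $user is reassigned at the end of this
// section to the profile row being edited, so the level is only held until then.
$user = GetCurrentUserAccessLevel();

//Print out the master page
masterpage("Edit Profile");

// A single connection serves every query in this section.
$link = connect_db();

// Work out whose profile is shown. Precedence is unchanged:
// POST StudentID, then POST id, then GET id, then the logged-in user.
// NOTE(review): nothing in this script checks that the logged-in user is allowed
// to open the requested id, so any authenticated user can load another account's
// form by supplying its id. Confirm that an ownership/role check exists (here or
// in shared code) and that edit-profile-db.php enforces it again on save.
$edit = "";
$id = "";
$idFromRequest = false;
if (isset($_POST['StudentID'])) {
    $id = $_POST['StudentID'];
    $edit = "student";
}
else if (isset($_POST['id']) || isset($_GET['id'])) {
    $id = isset($_POST['id']) ? $_POST['id'] : $_GET['id'];
    $idFromRequest = true;
}
else
{
    $id = GetSessionUser();
}

// Request parameters can arrive as arrays (id[]=...); treat those as "no id"
// rather than letting them reach string concatenation.
$id = is_array($id) ? "" : (string) $id;

// The id is request-controlled and was previously concatenated into SQL as-is.
// It is now escaped before being placed inside a quoted literal. Escaping depends
// on the connection character set, so connect_db() should set it with
// mysql_set_charset(). ext/mysql has no prepared statements; moving to PDO or
// mysqli with bound parameters is the durable fix.
$safeId = mysql_real_escape_string($id, $link);

if ($idFromRequest) {
    //query to check if student
    $query = "SELECT * FROM `Student` WHERE `ID` = '" . $safeId . "'";
    $result = mysql_query($query, $link);
    // A failed query is treated like "no Student row" instead of raising a warning.
    $edit = ($result && mysql_num_rows($result) > 0) ? "student" : "user";
}

//If student
if ($edit == "student" || $user == $STUDENT) {
    $query = "SELECT * FROM `User` INNER JOIN `Student` ON `Student`.`ID` = `User`.`UserID`
				  WHERE `User`.`UserID` = '" . $safeId . "'";
}
else
{
    $query = "SELECT * FROM `User` WHERE `UserID` = '" . $safeId . "'";
}

$info = mysql_query($query, $link);

if (!$info) {
    echo "Oops.. Something went wrong. please contact technical support.";
    exit();
}

// From here on $user is the profile row, or false when no row matched.
$user = mysql_fetch_array($info);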
?>
    <table cellpadding="5">
    <tr>
        <td>
            <table>
                <tr>

    <td>
        <form action="edit-profile-db.php" method="post">
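            <?php
            // $id can come straight from the request, so it is escaped for the attribute
            // context. Hidden fields are client-editable: edit-profile-db.php has to
            // re-check both values against the session instead of trusting them.
            // NOTE(review): no anti-CSRF token is emitted in this form — confirm whether
            // edit-profile-db.php validates one.
            ?>
            <input type="hidden" name="id" value="<?php echo htmlspecialchars($id, ENT_QUOTES); ?>"/>
            <input type="hidden" name="edit" value="<?php echo htmlspecialchars($edit, ENT_QUOTES); ?>"/>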
            <input type="submit" value="Save"/>
    </td>
    </tr>
    <tr>
        <?php
        // Directors and admins editing someone else's account get an "Active" checkbox,
        // pre-ticked when the loaded row has Active == 1.
        if((GetCurrentUserAccessLevel() == $DIRECTOR || GetCurrentUserAccessLevel() == $ADMIN) && $id != GetSessionUser())
        {
            $checked = ($user['Active'] == 1) ? " checked " : "";
            echo '<td valign="middle">',
                 '<i>Active</i> <input type="checkbox" name="active" value="active"', $checked, '/>',
                 '</td>';
        }
        ?>
                </tr>
            </table>
        </td>
    </tr>
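<?php
    // The error text is taken from the query string, so it is HTML-escaped before
    // being written into the page; it was previously echoed raw. Non-string values
    // (error[]=...) are ignored.
    if (isset($_GET['error']) && is_string($_GET['error'])) {
        echo "<tr><td colspan='2'>" . htmlspecialchars($_GET['error'], ENT_QUOTES) . "</td></tr>";
    }
    ?>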
    <tr>
        <td>
            Id:
        </td>
        <td>
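            <?php /* $id may be request-supplied: escape it for HTML text. */ echo htmlspecialchars($id, ENT_QUOTES); ?>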
        </td>
    </tr>
    <tr>
        <td>
            Name:
        </td>
        <td>
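<?php
    // Name parts are stored user data; they are escaped for both the attribute
    // and the plain-text rendering so stored markup cannot run in the viewer's browser.
    $lastName = htmlspecialchars($user['LastName'], ENT_QUOTES);
    $firstName = htmlspecialchars($user['FirstName'], ENT_QUOTES);
    $middleName = htmlspecialchars($user['MiddleName'], ENT_QUOTES);

    // Only directors and admins may edit the name; everyone else sees it as text.
    if (GetCurrentUserAccessLevel() == $DIRECTOR
        || GetCurrentUserAccessLevel() == $ADMIN) {
        echo '<input type="text" name="txtLastName" size="10" value="' . $lastName . '"/>, ';
        echo '<input type="text" name="txtFirstName" size="10" value="' . $firstName . '"/> ';
        echo '<input type="text" name="txtMiddleName" size="10" value="' . $middleName . '"/>';
    }
    else {
        echo $lastName . ", " . $firstName . " " . $middleName;
    }
    ?>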
        </td>
    </tr>

    <tr>
        <td>
            Username:
        </td>
        <td>
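            <?php
            // The username is stored user data, so it is HTML-escaped in both renderings.
            // Only directors and admins get an editable field.
            if ((GetCurrentUserAccessLevel() == $DIRECTOR
                 || GetCurrentUserAccessLevel() == $ADMIN)) {
                echo '<input type="text" name="txtUsername" size="10" value="' . htmlspecialchars($user['UserName'], ENT_QUOTES) . '"/>';
            }
            else {
                echo htmlspecialchars($user['UserName'], ENT_QUOTES);
            }
            ?>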
        </td>
    </tr>

    <tr>
        <td>
            Email Address:
        </td>
        <td>
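            <input type="text" id="txtEmail" name="txtEmail" size="15" value="<?php /* stored user data: escape for the attribute context */ echo htmlspecialchars($user['EmailAddress'], ENT_QUOTES); ?>"/>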
        </td>
    </tr>

    <tr>
        <td>
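            <a href="change-password.php?id=<?php /* URL-encode the id so it cannot break out of the query string or the attribute */ echo urlencode($id); ?>">Change Password</a>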
        </td>
        <td>&nbsp;
            
        </td>
    </tr>
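<?php

    // Every value read from $user or $program below is stored data that users
    // typed in at some point, so it is HTML-escaped before being written into
    // markup or an attribute. Escaping uses PHP's configured default charset.

    if (GetCurrentUserAccessLevel() == $DIRECTOR && $edit === "student") {
        // A director editing a student gets editable identifier fields.
        echo '
            <tr>
                <td>
                    School ID:
                </td>
                <td>
                    <input type="text" name="txtSchoolID" size="20" value="' . htmlspecialchars($user['SchoolID'], ENT_QUOTES) . '"/>
                </td>
            </tr>

            <tr>
                <td>
                    NMC ID:
                </td>
                <td>
                    <input type="text" name="txtNMCID" size="20" value="' . htmlspecialchars($user['NMC_ID'], ENT_QUOTES) . '"/>
                </td>
            </tr>';
    } else if (GetCurrentUserAccessLevel() == $STUDENT) {
        // Students see the identifiers as read-only text.
        // NOTE(review): this branch reads $user['NMCID'] while the director branch
        // reads $user['NMC_ID']; only one can match the column name. Confirm against
        // the Student table before changing either key.
        echo '
            <tr>
                <td>
                    School ID:
                </td>
                <td>
                    ' . htmlspecialchars($user['SchoolID'], ENT_QUOTES) . '
                </td>
            </tr>

            <tr>
                <td>
                    NMC ID:
                </td>
                <td>
                   ' . htmlspecialchars($user['NMCID'], ENT_QUOTES) . '
                </td>
            </tr>';
    }

    if (GetCurrentUserAccessLevel() == $STUDENT || $edit === "student") {
        // Contact details: editable for the student and for staff editing a student.
        echo '
            <tr>
                <td>
                    Street
                </td>
                <td>
                     <input type="text" name="txtAddress" size="20" value="' . htmlspecialchars($user['Address'], ENT_QUOTES) . '"/>
                </td>
            </tr>';

        echo '
            <tr>
                <td>
                    City
                </td>
                <td>
                     <input type="text" name="txtCity" size="20" value="' . htmlspecialchars($user['City'], ENT_QUOTES) . '"/>
                </td>
            </tr>';

        echo '
            <tr>
                <td>
                    Region
                </td>
                <td>
                    <input type="text" name="txtRegion" size="20" value="' . htmlspecialchars($user['Region'], ENT_QUOTES) . '"/>
                </td>
            </tr>

            <tr>
                <td>
                    Post Code
                </td>
                <td>
                    <input type="text" name="txtPostCode" size="20" value="' . htmlspecialchars($user['PostalAddress'], ENT_QUOTES) . '"/>
                </td>
            </tr>

            <tr>
                <td>
                    Country
                </td>
                <td>
                    <input type="text" name="txtCountry" size="20" value="' . htmlspecialchars($user['Country'], ENT_QUOTES) . '"/>
                </td>
            </tr>

            <tr>
                <td>
                    Hometown
                </td>
                <td>
                    <input type="text" name="txtHometown" size="20" value="' . htmlspecialchars($user['Hometown'], ENT_QUOTES) . '"/>
                </td>
            </tr>

             <tr>
                <td>
                    Phone Number
                </td>
                <td>
                    <input type="text" name="txtPhoneNumber" size="20" value="' . htmlspecialchars($user['PhoneNumber'], ENT_QUOTES) . '"/>
                </td>
            </tr>

            <tr>
                <td>
                    Date of Birth:
                </td>
                <td>
                    ' . htmlspecialchars($user['DOB'], ENT_QUOTES) . '
                </td>
            </tr>

            <tr>
                <td>
                    Program
                </td>';

        // programID is read back from the database, but it is still escaped before
        // being placed in a quoted SQL literal so a stored value cannot alter the query.
        $query = "SELECT * FROM `Program` WHERE `ProgramID` = '"
               . mysql_real_escape_string($user['programID'], $link) . "'";

        $programs = mysql_query($query, $link);

        if (!$programs) {
            echo 'Oops... something went wrong. Please contact technical support';
            exit();
        }

        echo '<td>';
        $program = mysql_fetch_array($programs);
        // No matching Program row leaves the cell empty instead of printing a
        // placeholder built from missing values.
        if ($program) {
            echo htmlspecialchars($program['Name'], ENT_QUOTES) . ', '
               . htmlspecialchars($program['Code'], ENT_QUOTES) . '-'
               . htmlspecialchars(str_pad($program['Semester'], 2, '0', STR_PAD_LEFT), ENT_QUOTES)
               . htmlspecialchars($program['Year'], ENT_QUOTES);
        }
        echo '</td>';

        echo '
            </tr>';
    }

    // The outer table and the form are opened for every visitor earlier in the
    // page, so they are closed for every visitor as well; previously only the
    // student branch emitted these closing tags.
    echo '
            </table>
            </form>';

    endmasterpage();
    ?>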

